Further modularlize config
parent
f5105cea8d
commit
fc10d65648
|
@ -1,96 +1,58 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
./private
|
||||
./system/current
|
||||
./packages.nix
|
||||
./fonts.nix
|
||||
./sets/neovim
|
||||
];
|
||||
imports = [
|
||||
./private
|
||||
./system/current
|
||||
./packages.nix
|
||||
./fonts.nix
|
||||
];
|
||||
|
||||
nix = {
|
||||
daemonNiceLevel = 5;
|
||||
daemonIONiceLevel = 1;
|
||||
autoOptimiseStore = true;
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "00:00";
|
||||
options = "--delete-older-than 14d";
|
||||
};
|
||||
trustedUsers = [ "artemis" ];
|
||||
nix = {
|
||||
daemonNiceLevel = 5;
|
||||
daemonIONiceLevel = 1;
|
||||
autoOptimiseStore = true;
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "00:00";
|
||||
options = "--delete-older-than 14d";
|
||||
};
|
||||
trustedUsers = [ "artemis" ];
|
||||
};
|
||||
|
||||
console = {
|
||||
keyMap = "us";
|
||||
earlySetup = true;
|
||||
};
|
||||
console = {
|
||||
keyMap = "us";
|
||||
earlySetup = true;
|
||||
};
|
||||
|
||||
i18n.defaultLocale = "de_DE.UTF-8";
|
||||
i18n.defaultLocale = "de_DE.UTF-8";
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
time.timeZone = "Etc/UTC";
|
||||
time.timeZone = "Etc/UTC";
|
||||
|
||||
environment = {
|
||||
variables = {
|
||||
TERMINAL = "alacritty";
|
||||
|
||||
# for Sway
|
||||
MOZ_USE_XINPUT2 = "1";
|
||||
_JAVA_AWT_WM_NONREPARENTING = "1";
|
||||
GTK_THEME = "Adwaita-dark";
|
||||
};
|
||||
environment = {
|
||||
variables.TERMINAL = "alacritty";
|
||||
enableDebugInfo = true;
|
||||
shellAliases = {
|
||||
vim = "nvim";
|
||||
};
|
||||
};
|
||||
|
||||
sound.enable = true;
|
||||
|
||||
virtualisation = {
|
||||
docker.enable = true;
|
||||
lxd = {
|
||||
enable = true;
|
||||
recommendedSysctlSettings = true;
|
||||
};
|
||||
};
|
||||
|
||||
security.polkit.enable = true;
|
||||
|
||||
services = {
|
||||
avahi = {
|
||||
enable = true;
|
||||
nssmdns = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
userServices = true;
|
||||
};
|
||||
};
|
||||
accounts-daemon.enable = true;
|
||||
chrony.enable = true;
|
||||
flatpak.enable = true;
|
||||
fwupd.enable = true;
|
||||
kbfs.enable = true;
|
||||
keybase.enable = true;
|
||||
logind.extraConfig = "HandlePowerKey=suspend";
|
||||
pcscd.enable = true;
|
||||
tor = {
|
||||
enable = true;
|
||||
client.enable = true;
|
||||
};
|
||||
syncthing = {
|
||||
enable = true;
|
||||
user = "artemis";
|
||||
dataDir = "/home/artemis";
|
||||
};
|
||||
udev.packages = [
|
||||
pkgs.android-udev-rules
|
||||
(pkgs.callPackage ./externals/rules/adafruit.nix { })
|
||||
(pkgs.callPackage ./externals/rules/fpga.nix { })
|
||||
(pkgs.callPackage ./externals/rules/limesuite.nix { })
|
||||
(pkgs.callPackage ./externals/rules/uhk.nix { })
|
||||
];
|
||||
printing = {
|
||||
|
@ -98,13 +60,6 @@
|
|||
drivers = [ pkgs.brlaser ];
|
||||
};
|
||||
};
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
extraPortals = with pkgs; [
|
||||
xdg-desktop-portal-gtk
|
||||
xdg-desktop-portal-wlr
|
||||
];
|
||||
};
|
||||
|
||||
hardware = {
|
||||
bluetooth.enable = true;
|
||||
|
@ -117,29 +72,13 @@
|
|||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
firewall.enable = false;
|
||||
networkmanager = {
|
||||
enable = lib.mkDefault true;
|
||||
ethernet.macAddress = "random";
|
||||
wifi.macAddress = "random";
|
||||
};
|
||||
};
|
||||
networking.firewall.enable = false;
|
||||
|
||||
programs = {
|
||||
adb.enable = true;
|
||||
gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
sway = {
|
||||
enable = true;
|
||||
wrapperFeatures.gtk = true;
|
||||
};
|
||||
wireshark = {
|
||||
enable = true;
|
||||
package = pkgs.wireshark-qt;
|
||||
};
|
||||
fish.enable = true;
|
||||
};
|
||||
|
||||
|
@ -148,14 +87,9 @@
|
|||
isNormalUser = true;
|
||||
description = "Artemis Tosini";
|
||||
uid = 1000;
|
||||
extraGroups = [ "networkmanager" "wheel" "adbusers" "wireshark" "video" "docker" "lxd" "plugdev" "dialout" ];
|
||||
extraGroups = [ "wheel" "docker" "lxd" ];
|
||||
# hashedPassword set in private
|
||||
};
|
||||
extraGroups.plugdev = {};
|
||||
users.root = {
|
||||
subUidRanges = [ { startUid = 16777216; count = 16777216; } { startUid = config.users.users.artemis.uid; count = 1; } ];
|
||||
subGidRanges = [ { startGid = 16777216; count = 16777216; } { startGid = 100; count = 1; } ];
|
||||
};
|
||||
mutableUsers = false;
|
||||
};
|
||||
systemd.extraConfig = "DefaultLimitCORE=infinity";
|
||||
|
|
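Review bot: The base account's `extraGroups = [ "wheel" "docker" "lxd" ];` still names `docker` and `lxd`, although the same commit adds `artemis.extraGroups = [ "docker" "lxd" ];` in sets/virtualization.nix, so every host keeps that membership whether or not it imports the set. Since `extraGroups` lists merge across modules, the base line can shrink to `extraGroups = [ "wheel" ];`. Separately, `networking.firewall.enable = false;` stays in the shared base and so also covers the hosts that import the ssh and nginx modules; a per-host setting, or a comment giving the reason, would make that choice reviewable. Which side each line belongs to is inferred from print order, because the page has lost its +/- markers.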
42
packages.nix
42
packages.nix
|
@ -3,16 +3,6 @@
|
|||
let
|
||||
llvm = pkgs.llvmPackages_10;
|
||||
go = pkgs.go_1_15;
|
||||
wofi = pkgs.wofi.overrideAttrs ( old: {
|
||||
src = pkgs.fetchhg {
|
||||
url = old.src.url;
|
||||
rev = "e3db9b8075e71399bba14a568c59032f47981dab";
|
||||
sha256 = "07fr1yfls94gxpwv3azgzxm7shjs4g5ribvqrh88flpf4cv5hq2d";
|
||||
};
|
||||
} );
|
||||
openocd = if pkgs.stdenv.cc.isGNU then (pkgs.openocd.overrideAttrs ( old: {
|
||||
NIX_CFLAGS_COMPILE = old.NIX_CFLAGS_COMPILE ++ [ "-Wno-error=strict-prototypes" ];
|
||||
})) else pkgs.openocd;
|
||||
in
|
||||
{
|
||||
environment.systemPackages = (with pkgs; [
|
||||
|
@ -54,7 +44,6 @@ in
|
|||
gparted
|
||||
hdparm
|
||||
iptables
|
||||
krb5
|
||||
lm_sensors
|
||||
manpages
|
||||
nethogs
|
||||
|
@ -77,22 +66,6 @@ in
|
|||
ntfs3g
|
||||
udftools
|
||||
|
||||
# Wayland tools
|
||||
dex
|
||||
glib
|
||||
grim
|
||||
imagemagick
|
||||
libnotify
|
||||
mako
|
||||
polkit_gnome
|
||||
slurp
|
||||
wf-recorder
|
||||
wl-clipboard
|
||||
wofi
|
||||
xdg-user-dirs
|
||||
xdg_utils
|
||||
xsettingsd
|
||||
|
||||
# Useful CLI tools
|
||||
age
|
||||
appimage-run
|
||||
|
@ -172,12 +145,6 @@ in
|
|||
valgrind
|
||||
yarn
|
||||
|
||||
# Embedded
|
||||
kicad-unstable
|
||||
openocd
|
||||
stlink
|
||||
(callPackage ./externals/packages/jlink { })
|
||||
|
||||
# Radio
|
||||
gr-limesdr
|
||||
limesuite
|
||||
|
@ -186,15 +153,6 @@ in
|
|||
gqrx
|
||||
|
||||
# Hacking tools
|
||||
aircrack-ng
|
||||
fusee-launcher
|
||||
ghidra-bin
|
||||
insomnia
|
||||
ncat
|
||||
pcsctools
|
||||
pwndbg
|
||||
python37Packages.binwalk-full
|
||||
python37Packages.shodan
|
||||
|
||||
# Security
|
||||
(pass.withExtensions (exts: [ exts.pass-otp ]))
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
services.udev.packages = [
|
||||
(pkgs.callPackage ../externals/rules/fpga.nix { })
|
||||
];
|
||||
environment.systemPackages = with pkgs; [
|
||||
# Synthesis
|
||||
icestorm
|
||||
|
|
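--- a/sets/hacking.nix
+++ b/sets/hacking.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+programs = {
+adb.enable = true;
+wireshark = {
+enable = true;
+package = pkgs.wireshark-qt;
+};
+};
+environment.systemPackages = with pkgs; [
+aircrack-ng
+fusee-launcher
+ncat
+pcsctools
+pwndbg
+python37Packages.binwalk-full
+python37Packages.shodan
+];
+
+users.users.artemis.extraGroups = [ "adbusers" "wireshark" ];
+}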
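Review bot: The last setting, `users.users.artemis.extraGroups = [ "adbusers" "wireshark" ];`, grants standing privileges that nothing in the file explains. On NixOS, members of `wireshark` can run the capability-enabled capture helper without root, and `adbusers` gets access to attached Android devices. A comment above the line, such as `# wireshark: non-root packet capture; adbusers: adb device access; import only where artemis should hold both`, would make that visible wherever the set is pulled in. The host sections further down import this set on three machines, two of which also import ssh.nix.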
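--- a/sets/hardware.nix
+++ b/sets/hardware.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+let
+openocd = if pkgs.stdenv.cc.isGNU then (pkgs.openocd.overrideAttrs ( old: {
+NIX_CFLAGS_COMPILE = old.NIX_CFLAGS_COMPILE ++ [ "-Wno-error=strict-prototypes" ];
+})) else pkgs.openocd;
+in
+{
+services.udev.packages = [
+(pkgs.callPackage ../externals/rules/adafruit.nix { })
+(pkgs.callPackage ../externals/rules/limesuite.nix { })
+openocd
+];
+
+environment.systemPackages = with pkgs; [
+kicad-unstable
+openocd
+stlink
+(callPackage ../externals/packages/jlink { })
+];
+
+users = {
+users.artemis.extraGroups = [ "plugdev" "dialout" ];
+extraGroups.plugdev = {};
+};
+}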
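Review bot: `old.NIX_CFLAGS_COMPILE ++ [ ... ]` in the `openocd` override assumes the upstream derivation always defines that attribute, so if nixpkgs ever drops it, evaluation fails on every host that imports this set. `NIX_CFLAGS_COMPILE = (old.NIX_CFLAGS_COMPILE or [ ]) ++ [ "-Wno-error=strict-prototypes" ];` tolerates a missing attribute. A short comment on why the warning is demoted would also tell the next reader when the override can go.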
|
@ -1,6 +1,10 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./networkmanager.nix
|
||||
];
|
||||
|
||||
services = {
|
||||
tlp.enable = true;
|
||||
upower.enable = true;
|
||||
|
|
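--- a/sets/networkmanager.nix
+++ b/sets/networkmanager.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+networking.networkmanager = {
+enable = true;
+ethernet.macAddress = "random";
+wifi.macAddress = "random";
+};
+users.users.artemis.extraGroups = [ "networkmanager" ];
+}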
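Review bot: `enable = true;` drops the `lib.mkDefault` that the block in the base configuration appears to have carried (`enable = lib.mkDefault true;`, on the removed side as far as the page shows). A host that imports this set through laptop.nix can then no longer turn NetworkManager off with a plain `networking.networkmanager.enable = false;` and would need `mkForce`. Keeping the default overridable takes two small changes: `{ lib, ... }:` as the argument set and `enable = lib.mkDefault true;`.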
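--- a/sets/sway.nix
+++ b/sets/sway.nix
@@ -0,0 +1,52 @@
+{ config, pkgs, ... }:
+
+let
+wofi = pkgs.wofi.overrideAttrs ( old: {
+src = pkgs.fetchhg {
+url = old.src.url;
+rev = "e3db9b8075e71399bba14a568c59032f47981dab";
+sha256 = "07fr1yfls94gxpwv3azgzxm7shjs4g5ribvqrh88flpf4cv5hq2d";
+};
+} );
+in
+{
+security.polkit.enable = true;
+services = {
+accounts-daemon.enable = true;
+logind.extraConfig = "HandlePowerKey=suspend";
+};
+xdg.portal = {
+enable = true;
+extraPortals = with pkgs; [
+xdg-desktop-portal-gtk
+xdg-desktop-portal-wlr
+];
+};
+sound.enable = true;
+programs.sway = {
+enable = true;
+wrapperFeatures.gtk = true;
+extraSessionCommands = ''
+export MOZ_USE_XINPUT2=1
+export _JAVA_AWT_WM_NONREPARENTING=1
+export GTK_THEME=Adwaita-dark
+'';
+};
+environment.systemPackages = with pkgs; [
+dex
+glib
+grim
+imagemagick
+libnotify
+mako
+polkit_gnome
+slurp
+wf-recorder
+wl-clipboard
+wofi
+xdg-user-dirs
+xdg_utils
+xsettingsd
+];
+}
+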
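Review bot: The `wofi` override pins the source to a fixed Mercurial revision and hash with no comment on why, or on which release it corresponds to. The pin will keep replacing whatever nixpkgs ships, later upstream fixes included, until someone remembers to remove it. A comment above the binding, such as `# wofi pinned to this rev because <reason>; drop once nixpkgs carries it`, would tell the next reader when it is safe to delete.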
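--- a/sets/virtualization.nix
+++ b/sets/virtualization.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+
+{
+virtualisation = {
+docker.enable = true;
+lxd = {
+enable = true;
+recommendedSysctlSettings = true;
+};
+};
+
+users.users = {
+artemis.extraGroups = [ "docker" "lxd" ];
+root = {
+subUidRanges = [ { startUid = 16777216; count = 16777216; } { startUid = config.users.users.artemis.uid; count = 1; } ];
+subGidRanges = [ { startGid = 16777216; count = 16777216; } { startGid = 100; count = 1; } ];
+};
+};
+}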
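Review bot: `artemis.extraGroups = [ "docker" "lxd" ];` gives the account control of both daemons, which is effectively root on the host without going through the `wheel`/sudo path, and the file does not say so. A comment on that line, e.g. `# docker and lxd group members can obtain root on the host`, would make the trade-off explicit for any host that imports this set. The `root.subUidRanges` entry `startUid = config.users.users.artemis.uid` also relies on that uid being set explicitly elsewhere (the base configuration shows `uid = 1000;`), so a note next to it would keep the coupling visible.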
|
@ -5,9 +5,12 @@
|
|||
./boot-config.nix
|
||||
./secure-boot.nix
|
||||
./hardware-configuration.nix
|
||||
../../sets/gpu/intel.nix
|
||||
../../sets/cpu/intel.nix
|
||||
../../sets/gpu/intel.nix
|
||||
../../sets/hacking.nix
|
||||
../../sets/laptop.nix
|
||||
../../sets/neovim
|
||||
../../sets/sway.nix
|
||||
];
|
||||
|
||||
networking.hostName = "rainbowdash";
|
||||
|
|
|
@ -4,10 +4,13 @@
|
|||
imports = [
|
||||
./boot-config.nix
|
||||
./hardware-configuration.nix
|
||||
../../services/ssh.nix
|
||||
../../sets/gpu/intel.nix
|
||||
../../sets/cpu/intel.nix
|
||||
../../sets/gpu/intel.nix
|
||||
../../sets/hacking.nix
|
||||
../../sets/laptop.nix
|
||||
../../sets/neovim
|
||||
../../sets/ssh.nix
|
||||
../../sets/sway.nix
|
||||
];
|
||||
|
||||
networking.hostName = "spike";
|
||||
|
|
|
@ -5,11 +5,16 @@
|
|||
./boot-config.nix
|
||||
./hardware-configuration.nix
|
||||
./nginx.nix
|
||||
../../services/ssh.nix
|
||||
../../private/starlight.nix
|
||||
../../sets/cpu/amd.nix
|
||||
../../sets/fpga.nix
|
||||
../../sets/gpu/amd.nix
|
||||
../../sets/cpu/amd.nix
|
||||
../../private/starlight.nix
|
||||
../../sets/hacking.nix
|
||||
../../sets/hardware.nix
|
||||
../../sets/neovim
|
||||
../../sets/ssh.nix
|
||||
../../sets/sway.nix
|
||||
../../sets/virtualization.nix
|
||||
];
|
||||
|
||||
networking.hostName = "starlight";
|
||||
|
@ -19,7 +24,6 @@
|
|||
KERNEL=="eth*", ATTR{address}=="00:0f:53:16:15:9d", NAME="lan10g1"
|
||||
'';
|
||||
|
||||
networking.networkmanager.enable = false;
|
||||
networking.bridges.br0 = {
|
||||
rstp = true;
|
||||
interfaces = [ "lan10g0" "lan10g1" "enp4s0" ];
|
||||
|
@ -33,12 +37,9 @@
|
|||
};
|
||||
networking.dhcpcd.allowInterfaces = [ "br0" ];
|
||||
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
services = {
|
||||
tor = {
|
||||
enable = true;
|
||||
client.enable = true;
|
||||
};
|
||||
services.tor = {
|
||||
enable = true;
|
||||
client.enable = true;
|
||||
};
|
||||
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ];
|
||||
|
|